Hi yamato, I have good news! Managed to reproduce this in a secure boot guest (after fighting with the keys hehe). There is an hypothesis of what's going on: one patch that was merged in -65 changed the way flags are set on purgatory, a piece of code used on kexec process. If we use kexec in a secure system, it must use the kexec_file_load syscall, which will rely in kernel purgatory. In no-secure-boot systems, the regular/old kexec_load flag is used, which loads the purgatory from kexec-tools.
If the hypothesis is right, we need to figure why kernel 5.3-hwe works - there is a potential fix there based on my analysis, could be that one...but more tests are required. In sosreport dmesg, you can see the following messages, which are related:
Hi yamato, I have good news! Managed to reproduce this in a secure boot guest (after fighting with the keys hehe). There is an hypothesis of what's going on: one patch that was merged in -65 changed the way flags are set on purgatory, a piece of code used on kexec process. If we use kexec in a secure system, it must use the kexec_file_load syscall, which will rely in kernel purgatory. In no-secure-boot systems, the regular/old kexec_load flag is used, which loads the purgatory from kexec-tools.
If the hypothesis is right, we need to figure why kernel 5.3-hwe works - there is a potential fix there based on my analysis, could be that one...but more tests are required. In sosreport dmesg, you can see the following messages, which are related:
kexec: Undefined symbol: __stack_chk_fail
kexec-bzImage64: Loading purgatory failed
Work is ongoing, thanks again for the report and tests!
Cheers,
Guilherme